Field of the Invention
The present invention relates to authorization systems composed of a communication apparatus, a relay apparatus, and an authorization server, and particularly relates to relay apparatuses, relay methods, relay systems, and non-transitory computer-readable storage media for granting access authority to a communication apparatus with an authorization server.
Description of the Related Art
Recently, there are cellular phones, digital cameras, and the like that have functions for accessing resource servers for content sharing services, communication services, and the like on the Internet. A user can upload image content to a photo-sharing service, send messages to friends, or the like by using such communication apparatuses. Normally, a resource server for a photo-sharing service or the like manages access authority for resources such as content, files, and the like on the resource server in tandem with an authorization server (Japanese Patent Laid-Open No. 2011-39793).
Authorization servers are increasingly using the OAuth protocol to manage (grant) access authority. The authorization code type and the implicit type are examples of authorization types for obtaining an access token according to OAuth. In the case of the authorization code type, first, a communication apparatus obtains, from an authorization server, an access token indicating access authority for a desired resource and a refresh token for refreshing the access token. In the case of the implicit type, first, the communication apparatus obtains the access token from the authorization server. When making a request to obtain the desired resource from a resource server, the communication apparatus issues the request along with the access token obtained from the authorization server. The resource server sends the requested resource to the communication apparatus only in the case where the access token is valid. With the authorization code type, in the case where the access token has expired, the communication apparatus can refresh the access token by providing the refresh token to the authorization server.
The authorization server requires the user's authorization when delegating the user's access authority to the communication apparatus using the OAuth protocol. Normally, the authorization server presents an HTML screen for the user to carry out an operation for granting the access authority, and the user carries out the operation for granting the access authority in a web browser.
However, when the authorization server distributes the same access token to multiple communication apparatuses according to the conventional technique, it is assumed that the user will need to carry out the operation for granting access authority using the web browser each time an access token is distributed. In other words, it is necessary for the user to carry out user authentication and operations for granting the access authority the same number of times as there are communication apparatuses. Such operations are complicated for the user.
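The authorization code type lifecycle and the per-apparatus approval cost described above, as an added Python example that is not part of the original document. It is a toy in-memory model: the class names, the `photos` scope, the token lifetime and the sample resource are all constructed for illustration, and the browser consent step is reduced to a counter.

```python
import secrets

class AuthorizationServer:
    def __init__(self, ttl=3600):
        self.ttl = ttl
        self.access = {}          # access token -> (scope, expires_at)
        self.refresh = {}         # refresh token -> scope
        self.user_approvals = 0   # browser authentications plus consents

    def _issue_access(self, scope, now):
        token = secrets.token_urlsafe(16)
        self.access[token] = (scope, now + self.ttl)
        return token

    def authorize(self, scope, now):
        # Stands in for the web-browser step: the user authenticates and grants access.
        self.user_approvals += 1
        refresh = secrets.token_urlsafe(16)
        self.refresh[refresh] = scope
        return self._issue_access(scope, now), refresh

    def refresh_access(self, refresh_token, now):
        # No user interaction: the refresh token alone yields a new access token.
        scope = self.refresh.get(refresh_token)
        if scope is None:
            raise PermissionError("unknown refresh token")
        return self._issue_access(scope, now)

    def is_valid(self, token, scope, now):
        entry = self.access.get(token)
        return entry is not None and entry[0] == scope and now < entry[1]

class ResourceServer:
    def __init__(self, auth, resources):
        self.auth, self.resources = auth, resources

    def get(self, name, token, now):
        # The resource is sent only when the presented access token is valid.
        if not self.auth.is_valid(token, "photos", now):
            return 401, None
        return 200, self.resources[name]

def run_devices(device_count, ttl=3600):
    """Each apparatus authorizes separately, then uses, outlives and refreshes its token."""
    auth = AuthorizationServer(ttl)
    rs = ResourceServer(auth, {"album": b"constructed sample image bytes"})
    statuses = []
    for _ in range(device_count):
        access, refresh = auth.authorize("photos", now=0)
        statuses.append(rs.get("album", access, now=10)[0])       # fresh token
        statuses.append(rs.get("album", access, now=ttl + 1)[0])  # expired token
        access = auth.refresh_access(refresh, now=ttl + 1)
        statuses.append(rs.get("album", access, now=ttl + 2)[0])  # refreshed token
    return auth.user_approvals, statuses
```

Calling `run_devices(3)` shows the user approving three times, once per apparatus, while every refresh completes without any user operation.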